Siemens AG 2016. All Rights Reserved. siemens.com/ruggedcom
INTERACTIVE REMOTE ACCESS
i-PCGRID WORKSHOP 2016
INTERACTIVE REMOTE ACCESS – INTELLIGENT ELECTRONIC DEVICES
Intelligent Electronic Devices (IEDs): devices that provide real-time monitoring, measurement, control, and protection of high-voltage power grid assets. They include meters, protective relays, Remote Terminal Units (RTUs), Digital Fault Recorders (DFRs), breakers, and transformer monitors.
INTERACTIVE REMOTE ACCESS – MOTIVATION
[Figure: ICS-CERT responses to sector-specific cyber security threats across the critical infrastructure sectors in the U.S. in 2014, by sector; number of incidents and percentage of the total responses for 2014.]
Source: The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_Sep2014-Feb2015.pdf
In this data set the Energy sector accounts for the largest share of the incidents ICS-CERT responded to.
INTERACTIVE REMOTE ACCESS - GUIDANCE
Conform to regulatory requirements (describing what "must" be done), e.g. the German IT Security Law, the IT Security Catalogue and the Smart Metering Protection Profile:
• Follow industry standards, e.g. the BDEW white paper
• Report on incidents
• Implement and certify an Information Security Management System (ISMS)
• Cryptographic requirements for smart metering
• Auditable compliance is required for bulk power systems (NERC CIP, since 2010)
• Assessment and certification of ICS systems
Follow key guidelines (describing "what" should be done):
• NERC CIP
• NIST Cyber Security Framework
• BDEW white paper
Comply with key standards (describing "how" it should be done):
• IEC 62443 (system security)
• IEC 62351 (communication security)
• ISO/IEC 27001 / 27019 (security management)
INTERACTIVE REMOTE ACCESS – DEFENSE IN DEPTH
Defense in depth is the concept of protecting a computer network with a series of defensive mechanisms such that if one mechanism fails, another will already be in place to thwart an attack.
INTERACTIVE REMOTE ACCESS – DEFENSE IN DEPTH
Household analogy of layered defenses: house lights, dog barking, house alarm, police called.
In general, one line of defense may not be enough, but with several layers in place, each one helps to deter or delay an intruder and gives the next layer a chance to act.
INTERACTIVE REMOTE ACCESS - NERC CIP REQUIREMENTS
CIP standard (version 5 / successor version), requirement, description:
CIP-002-5.1, Attachment 1, Situational Awareness: includes activities, actions and conditions established by policy, directive or standard operating procedure necessary to assess the current condition of the BES and anticipate effects of planned and unplanned changes to conditions.
CIP-005-5, Electronic Security Perimeter: to manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security Perimeter in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.
CIP-007-5 / CIP-007-6, System Security Management: to manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.
CIP-010-1 / CIP-010-2, Configuration Change Management and Vulnerability Assessments: to prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements in support of protecting BES Cyber Systems from compromise that could lead to misoperation or instability in the Bulk Electric System (BES).
NERC addresses security and remote access in requirements like those listed above.
INTERACTIVE REMOTE ACCESS – NERC CIP DEFENSE IN DEPTH
CIP standard, requirement, part, applicability, requirement text:
CIP-004-5.1 R1 Part 1.1 (High Impact BES Cyber Systems and Medium Impact BES Cyber Systems): Security awareness that, at least once each calendar quarter, reinforces cyber security practices (which may include associated physical security practices) for the Responsible Entity's personnel who have authorized electronic or authorized unescorted physical access to BES Cyber Systems.
CIP-005-5 R1 Part 1.1 (High / Medium): All applicable Cyber Assets connected to a network via a routable protocol shall reside within a defined ESP.
CIP-005-5 R1 Part 1.2 (High with ERC and Medium with ERC): All External Routable Connectivity must be through an identified Electronic Access Point (EAP).
CIP-005-5 R1 Part 1.3 (EAPs for High and Medium Impact BES Cyber Systems): Require inbound and outbound access permissions, including the reason for granting access, and deny all other access by default.
CIP-005-5 R1 Part 1.5 (EAPs for High and Medium Impact BES Cyber Systems): Have one or more methods for detecting known or suspected malicious communications for both inbound and outbound communications.
These are just some of the process requirements NERC has that help to address defense in depth.
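CIP-005-5 R1 Part 1.3 above is the one an auditor can test mechanically: every EAP rule must be explicit, carry a reason, and everything else must be denied by default. The following added example (not code from the presentation or from Siemens) models an EAP rule base that way and runs constructed flows through it. The ESP range 10.10.0.0/24, the external addresses, the rules and the flows are all assumptions made up for illustration; `evaluate` is the first-match permit/deny decision and `audit_rules` raises the findings an auditor would raise (a rule without a reason, an any-address rule that defeats deny-by-default).

```python
"""Model of an Electronic Access Point (EAP) rule base per NERC CIP-005-5
R1 Part 1.3: explicit inbound/outbound permissions, each with a documented
reason, deny-by-default for everything else.  Added example; addresses,
rules and flows are constructed, not taken from any real deployment."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    direction: str   # "inbound" (into the ESP) or "outbound" (leaving it)
    src: str         # source CIDR
    dst: str         # destination CIDR
    proto: str       # "tcp" or "udp"
    dport: int       # destination port
    reason: str      # CIP-005-5 R1 1.3: the reason for granting access


@dataclass(frozen=True)
class Flow:
    direction: str
    src: str
    dst: str
    proto: str
    dport: int


# Constructed rule base for an assumed ESP of 10.10.0.0/24 behind one EAP.
RULES = [
    Rule("inbound", "10.20.0.5/32", "10.10.0.0/24", "tcp", 22,
         "Intermediate System (jump host) SSH into ESP; CIP-005-5 R2 IRA"),
    Rule("inbound", "10.20.0.10/32", "10.10.0.1/32", "tcp", 20000,
         "SCADA master DNP3 polling of RTU-1"),
    Rule("outbound", "10.10.0.0/24", "10.20.0.53/32", "udp", 123,
         "NTP time sync for relays"),
    # Deliberately incomplete rule: permits syslog export but has no reason.
    Rule("outbound", "10.10.0.0/24", "10.20.0.60/32", "tcp", 514, ""),
]


def rule_matches(rule: Rule, flow: Flow) -> bool:
    """A flow matches when direction, protocol, port and both address
    ranges agree; addresses are compared as networks, not strings."""
    return (rule.direction == flow.direction
            and rule.proto == flow.proto
            and rule.dport == flow.dport
            and ip_address(flow.src) in ip_network(rule.src)
            and ip_address(flow.dst) in ip_network(rule.dst))


def evaluate(flow: Flow, rules=RULES):
    """First-match evaluation.  Returns ("permit", rule) for the first rule
    that matches, otherwise ("deny", None): the implicit default-deny."""
    for rule in rules:
        if rule_matches(rule, flow):
            return "permit", rule
    return "deny", None


def audit_rules(rules=RULES):
    """Findings an auditor would raise against the rule base itself."""
    findings = []
    for i, r in enumerate(rules):
        if not r.reason.strip():
            findings.append(f"rule {i}: no documented reason for "
                            f"{r.direction} {r.src}->{r.dst} {r.proto}/{r.dport}")
        if ip_network(r.src).prefixlen == 0 or ip_network(r.dst).prefixlen == 0:
            findings.append(f"rule {i}: any-address rule defeats deny-by-default")
    return findings


# Constructed sample traffic: one legitimate IRA hop via the jump host,
# one telnet attempt, one direct SSH from an unknown host, one outbound
# web fetch from a relay (a classic sign of compromise if it ever appears).
SAMPLE_FLOWS = [
    Flow("inbound", "10.20.0.5", "10.10.0.7", "tcp", 22),
    Flow("inbound", "10.20.0.5", "10.10.0.7", "tcp", 23),
    Flow("inbound", "192.0.2.1", "10.10.0.7", "tcp", 22),
    Flow("outbound", "10.10.0.3", "198.51.100.9", "tcp", 443),
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        verdict, rule = evaluate(f)
        why = rule.reason if rule else "no matching permission (default deny)"
        print(f"{verdict:6} {f.direction:8} {f.src}->{f.dst} {f.proto}/{f.dport}: {why}")
    for finding in audit_rules():
        print("AUDIT:", finding)
```

In a real deployment the rule base would be exported from the EAP (firewall or router ACL) and fed to the same two functions; the point of keeping the reason as a field of the rule rather than a separate spreadsheet is that the audit check and the enforcement read the same artifact. Denied outbound flows are also the cheapest input to the Part 1.5 requirement, since anything the ESP tries to reach that is not on the list is by definition suspect.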
INTERACTIVE REMOTE ACCESS – INTERACTIVE REMOTE ACCESS MGMT
NERC requirement (CIP-005-5 R2) for an Intermediate System for High and Medium Impact BES Cyber Systems with External Routable Connectivity: Interactive Remote Access must pass through the Intermediate System so that the remote Cyber Asset never accesses the applicable Cyber Assets directly.
INTERACTIVE REMOTE ACCESS - DEFINITIONS
Relevant definitions in the NERC Glossary of Terms:
Interactive Remote Access – User-initiated access by a person employing a remote access client or other remote access technology using a routable protocol. Remote access originates from a Cyber Asset that is not an Intermediate System and not located within any of the Responsible Entity's Electronic Security Perimeter(s) (ESP) or at a defined Electronic Access Point (EAP). Remote access may be initiated from:
1) Cyber Assets used or owned by the Responsible Entity,
2) Cyber Assets used or owned by employees, and
3) Cyber Assets used or owned by vendors, contractors, or consultants.
Interactive Remote Access does not include system-to-system process communications.
Intermediate System – A Cyber Asset or collection of Cyber Assets performing access control to restrict Interactive Remote Access to only authorized users. The Intermediate System must not be located inside the Electronic Security Perimeter.
SOURCE: Lesson Learned: CIP Version 5 Transition Program, CIP-005-5 R2: Interactive Remote Access, Version: April 29, 2015
INTERACTIVE REMOTE ACCESS – REMOTE ACCESS METHODS
TUNNELING: Tunnels are typically established through virtual private network (VPN) technologies. Once a VPN tunnel has been established between a remote client device and the organization's VPN gateway, the remote user can reach the devices behind the gateway. Note that a plain VPN alone gives the remote client a routable path into the network; it does not by itself provide the protocol break that an Intermediate System does.
APPLICATION PORTALS: An application portal is a server that offers access to one or more applications through a single centralized interface.
REMOTE DESKTOP APPLICATIONS: A remote desktop access solution gives a user the ability to remotely control a particular IED or workstation from their remote location. The user has control over the remote device and can access, log in, and configure it.
DIRECT APPLICATION ACCESS: Remote access can be accomplished without using remote access software. A remote user accesses an individual application directly, with the application providing its own security (communications encryption, user authentication, etc.).
INTERACTIVE REMOTE ACCESS – INTERMEDIATE SYSTEM
Requirements / intent:
• Two-factor (multi-factor) authentication
• Encryption terminates at the Intermediate System
• Provides a protocol break: the remote client's session ends at the Intermediate System, which opens a separate session into the ESP on the user's behalf
INTERACTIVE REMOTE ACCESS - SUMMARY
"There are two types of companies in the world: those that know they've been hacked, and those that don't."
Misha Glenny
Cyber security attacks are up.
Embrace cyber security best practices.
Implement a SECURE Interactive Remote Access solution.
INTERACTIVE REMOTE ACCESS
Thank you.
Questions?
INTERACTIVE REMOTE ACCESS
Jeff Foley
Business Development Manager
SIEMENS
RUGGEDSOLUTION
Process Industries and Drives Division
Phone: +1 (954) 922-7938
E-mail: [email protected]